Proving the randomness of a random number generator?
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Sat Dec 3 14:59:31 EST 2005
On Fri, Dec 02, 2005 at 10:13:21PM -0200, afonso.ez at terra.com.br wrote:
>
> Well, you just can't prove a PRNG is secure. It would be like proving that the AES
> is secure, or that factoring integers is hard. It just can't be done (aside from theoretical
> discussions about P=NP).
>
Actually, this is inaccurate: proving the strength of AES or factoring is
difficult, and may never happen; we may even prove AES to be not secure
(in a broad sense) some day. Proving an RNG secure is *impossible*.
A replay of an AES transmission remains confidential; a replay of an RNG-
generated sequence is no longer random.
Think of the scam in "The Sting": a time-delayed random outcome is no
longer random. It is not possible to prove to a passive observer that
the information he is receiving is not time-delayed and was not available
to other observers in advance.
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
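The point above, that a passive observer cannot tell fresh randomness from a replayed or pre-known sequence, can be made concrete with the statistical tests people usually reach for. The following is an added example written for this archive page, not code from the list or from either poster: it implements the frequency (monobit) and runs tests from NIST SP 800-22 and applies them to fresh OS randomness, to a byte-for-byte replay of that same output, and to a fully deterministic SHA-256 counter stream whose seed is a constructed constant. All three are indistinguishable to the tests, which measure the distribution of bits and say nothing about whether anyone else already knew them. The function and variable names below are this example's own.

```python
import hashlib
import math
import os


def bits_from_bytes(data: bytes) -> list[int]:
    """Unpack bytes into a list of bits, most significant bit first."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def monobit_p_value(bits: list[int]) -> float:
    """SP 800-22 frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(bits: list[int]) -> float:
    """SP 800-22 runs test: is the number of runs what a random stream gives?"""
    n = len(bits)
    pi = sum(bits) / n
    # Prerequisite from the spec: if the monobit proportion is too far from
    # 1/2 the runs test is not meaningful and is reported as a failure.
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes(bits: list[int], alpha: float = 0.01) -> bool:
    """Both tests pass at the usual significance level of 0.01."""
    return monobit_p_value(bits) >= alpha and runs_p_value(bits) >= alpha


def counter_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic stream: SHA-256 over seed || counter.
    Anyone who knows the seed can write the whole stream down in advance,
    yet it is statistically indistinguishable from fresh randomness."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:nbytes]


def report(label: str, data: bytes) -> dict:
    """Summarise both test results for one candidate stream."""
    bits = bits_from_bytes(data)
    return {
        "label": label,
        "monobit_p": monobit_p_value(bits),
        "runs_p": runs_p_value(bits),
        "passes": passes(bits),
    }


if __name__ == "__main__":
    fresh = os.urandom(4096)          # genuinely fresh to this process
    replay = bytes(fresh)             # the same bytes seen a second time
    known = counter_stream(b"constructed-seed-known-to-everyone", 4096)
    for r in (report("fresh os.urandom", fresh),
              report("replay of the same bytes", replay),
              report("deterministic counter stream", known)):
        print(f"{r['label']:32s} monobit={r['monobit_p']:.3f} "
              f"runs={r['runs_p']:.3f} passes={r['passes']}")
```

The replay produces exactly the same p-values as the original, and the seeded counter stream passes just as the OS output does: the tests can reject a badly biased source (an all-ones or strictly alternating stream fails the runs test), but they cannot certify that a source is unpredictable or that its output was not already in someone else's hands.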